[CentOS] Re: DKIM

Wed Sep 24 21:26:03 UTC 2008
mouss <mouss at netoyen.net>

RobertH wrote:
>> prove what?
>>
>> if the machine with an rDNS of bobhoffman.com sends mail from
>> <*@bobhoffman.com>, and is the MX of this domain, would anybody think
>> this is a forgery?
>>
> 
> Mouss... I mean Ratatouille  :-)

I'm feeling hungry now!

> 
> Answer: Possibly
> 
> Depends on many factors doesn't it?

Let me restate it: I don't care if it's a forgery. it's his 
site/domain/network. if I get spam, he has to fix the problem. he can't 
tell me: "a spammer forged my domain". the answer would be "a spammer 
_owned_ your machine".

gmail do what they call a "guessed spf": if the client rdns matches the 
sender domain, they consider that the client is "authorized" (as if it 
was listed in an SPF record). I can't say for yahoo, as speculation 
won't help Bob here. but I don't have an SPF record and my mail to yahoo 
users is delivered.

to say it another way: I think that clients with an rdns in the sender 
domain should be considered as "authorized" (like if they were in an SPF 
record). if the owner doesn't want, he can still firewall them. but in 
any case, he is responsible of any spam that gets out of these.